Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qf_TSCtLV1GRt2cSJILovBZPZLY.roa
File: qf_TSCtLV1GRt2cSJILovBZPZLY.roa (raw, json)
Hash identifier: e+/5O0HIOoCbp5CcEKzyURtPqKMv5p0PKOOQJpgknm8=
Subject key identifier: A9:FF:D3:48:2B:4B:57:51:91:B7:67:12:24:82:E8:BC:16:4F:64:B6
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019DB0FD46A771726CBBFC8CEC2F3B845577
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qf_TSCtLV1GRt2cSJILovBZPZLY.roa
Signing time: Tue 21 Apr 2026 17:01:21 +0000
ROA not before: Tue 21 Apr 2026 17:01:21 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 31715
IP address blocks: 2.26.220.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 04 May 2026 08:01:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:b0:fd:46:a7:71:72:6c:bb:fc:8c:ec:2f:3b:84:55:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 21 17:01:21 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=a9ffd3482b4b575191b767122482e8bc164f64b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:5b:36:3f:e8:e4:e3:74:a8:1c:1d:d4:34:34:
56:83:ff:52:77:93:2b:c2:51:de:f8:60:19:c7:c9:
17:eb:83:b4:3a:e8:cc:cf:12:1c:b8:88:3e:b0:94:
f9:51:f3:8e:fe:00:72:eb:9f:ae:4e:cc:8d:38:50:
dd:a3:cf:a5:4e:ba:e8:e2:56:46:f7:f9:33:ab:10:
f2:5e:ed:de:22:38:0d:83:ff:3c:f4:42:65:2f:53:
d6:9c:c9:77:ed:58:21:42:47:2d:5a:80:a7:03:bb:
43:46:62:52:66:c7:95:4a:90:10:1e:e7:91:e4:ca:
e2:1a:0c:1b:06:2e:91:70:06:8e:72:d4:a5:f1:a4:
f5:6d:dc:35:90:71:b0:e9:08:c5:74:8b:03:57:be:
b7:b4:7e:46:42:6e:7e:09:00:9f:3a:99:3d:63:70:
d5:6c:58:ab:07:12:3c:7a:df:d7:db:a2:a0:51:32:
4a:ae:01:58:3f:30:3c:a9:2f:92:b8:50:76:1c:5a:
22:a8:79:93:50:bc:f3:d0:d8:3d:17:b1:8d:34:80:
1b:9e:60:00:ca:71:3c:ae:71:02:c1:e6:c5:87:d5:
71:f4:59:0a:d0:f7:44:a7:dc:1a:01:fa:9e:da:d3:
25:53:67:c1:b0:f7:53:4f:30:45:f0:5a:0b:ac:22:
ec:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:FF:D3:48:2B:4B:57:51:91:B7:67:12:24:82:E8:BC:16:4F:64:B6
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qf_TSCtLV1GRt2cSJILovBZPZLY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.220.0/24
Signature Algorithm: sha256WithRSAEncryption
16:1c:a4:f9:b5:d2:6e:8c:04:b8:f2:5e:a4:e4:23:40:11:c9:
55:36:8f:2e:1b:83:53:e9:a8:87:4f:4f:0d:91:e8:ba:37:22:
1c:26:0d:a1:68:ab:52:31:33:f6:45:7a:1f:26:6a:f4:f6:25:
a0:96:ba:6c:c0:9b:b2:a8:97:e5:ac:06:db:1a:9d:63:05:7f:
ed:fe:d6:47:c2:81:6f:c4:e8:2c:4c:b4:ff:72:be:0d:d1:c4:
63:ae:18:46:9f:5e:9d:b3:26:57:7f:4f:0b:21:75:b4:23:81:
b0:7c:e1:7b:3a:c5:a2:5e:25:c4:c9:dd:c7:ef:12:69:38:f9:
64:9c:93:04:9b:b6:90:ba:07:77:5b:02:ce:8c:c0:e3:6f:60:
6b:93:e4:1f:aa:b5:da:05:3d:13:c1:30:7d:28:5d:32:09:44:
14:8e:0e:0f:0f:9d:48:89:e4:af:eb:b4:a7:45:42:da:28:2a:
70:46:ab:19:b9:a4:c2:30:aa:84:63:5d:41:7b:a7:53:22:0e:
23:f6:ae:06:f9:f6:d4:59:dd:51:27:b0:20:bb:79:2d:5f:7d:
af:f1:3e:f1:13:aa:88:f3:ba:88:a5:49:24:85:bc:50:8f:3f:
0c:af:11:24:b6:c9:5d:c3:cc:bd:90:86:7d:21:de:b8:22:28:
ec:31:fc:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2w/UancXJsu/yM7C87hFV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIxMTcwMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWZmZDM0ODJiNGI1NzUxOTFiNzY3MTIyNDgyZThiYzE2NGY2NGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVs2P+jk43SoHB3UNDRWg/9Sd5Mr
wlHe+GAZx8kX64O0OujMzxIcuIg+sJT5UfOO/gBy65+uTsyNOFDdo8+lTrro4lZG
9/kzqxDyXu3eIjgNg/889EJlL1PWnMl37VghQkctWoCnA7tDRmJSZseVSpAQHueR
5MriGgwbBi6RcAaOctSl8aT1bdw1kHGw6QjFdIsDV763tH5GQm5+CQCfOpk9Y3DV
bFirBxI8et/X26KgUTJKrgFYPzA8qS+SuFB2HFoiqHmTULzz0Ng9F7GNNIAbnmAA
ynE8rnECwebFh9Vx9FkK0PdEp9waAfqe2tMlU2fBsPdTTzBF8FoLrCLsNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKn/00grS1dRkbdnEiSC6LwWT2S2MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcWZfVFNDdExWMUdSdDJjU0pJTG92QlpQWkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhrcMA0G
CSqGSIb3DQEBCwUAA4IBAQAWHKT5tdJujAS48l6k5CNAEclVNo8uG4NT6aiHT08N
kei6NyIcJg2haKtSMTP2RXofJmr09iWglrpswJuyqJflrAbbGp1jBX/t/tZHwoFv
xOgsTLT/cr4N0cRjrhhGn16dsyZXf08LIXW0I4GwfOF7OsWiXiXEyd3H7xJpOPlk
nJMEm7aQugd3WwLOjMDjb2Brk+QfqrXaBT0TwTB9KF0yCUQUjg4PD51IieSv67Sn
RULaKCpwRqsZuaTCMKqEY11Be6dTIg4j9q4G+fbUWd1RJ7Agu3ktX32v8T7xE6qI
87qIpUkkhbxQjz8MrxEktsldw8y9kIZ9Id64IijsMfw8
-----END CERTIFICATE-----
Generated at Sun May 3 18:41:58 2026 by rpki-client